Page 1 of 1

everyone has access to PUB-Folder

PostPosted: Mon Sep 27, 2010 12:39 pm
by Henning
Hi,

I just figured out, that eScan Corp creates a pub folder on the server including some sub-folders with shares. A couple of them are configured with all access to every user - including full ntfs permission to everyone! In other words: everyone who knows the hidden share-name is able to view:

-AVX
-DEPLOY
-LOG

I'm not sure of it's possible that a user with some knowledge is able to do changes on policies, changing eScan admin passwords etc etc etc... I don't want to think any further about this...

Kind regards,
Henning

PostPosted: Mon Sep 27, 2010 6:04 pm
by vineeth
Hello,

With reference to your query regarding the shared folder access on the eScan server , the mentioned folders are used by the eScan client systems and hence need to have specific rights inorder to download the updates and upload thier respective log files.
Regarding the query about a user being able to make changes to the deployed policies on these shared folders, download and install the eScan hotfix from the below link on the eScan server .
A new feature i.e. self-protection has been added wherein users won't be able to make any changes on the files in the shared folder.

Link for Hotfix 1.0.0.823
http://download1.mwti.net/download/hotf ... patch1.exe
Please reboot the system once after installing the hotfix.

The hotfix has not been released yet and has been provided to you on a temporary link.It will be made availlable globally in some time.


Kindly revert back in case you have any more queries.